1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * NXP Wireless LAN device driver: 802.11n RX Re-ordering 4 * 5 * Copyright 2011-2020 NXP 6 */ 7 8 #include "decl.h" 9 #include "ioctl.h" 10 #include "util.h" 11 #include "fw.h" 12 #include "main.h" 13 #include "wmm.h" 14 #include "11n.h" 15 #include "11n_rxreorder.h" 16 17 /* This function will dispatch amsdu packet and forward it to kernel/upper 18 * layer. 19 */ 20 static int mwifiex_11n_dispatch_amsdu_pkt(struct mwifiex_private *priv, 21 struct sk_buff *skb) 22 { 23 struct rxpd *local_rx_pd = (struct rxpd *)(skb->data); 24 int ret; 25 26 if (le16_to_cpu(local_rx_pd->rx_pkt_type) == PKT_TYPE_AMSDU) { 27 struct sk_buff_head list; 28 struct sk_buff *rx_skb; 29 30 __skb_queue_head_init(&list); 31 32 skb_pull(skb, le16_to_cpu(local_rx_pd->rx_pkt_offset)); 33 skb_trim(skb, le16_to_cpu(local_rx_pd->rx_pkt_length)); 34 35 ieee80211_amsdu_to_8023s(skb, &list, priv->curr_addr, 36 priv->wdev.iftype, 0, NULL, NULL, false); 37 38 while (!skb_queue_empty(&list)) { 39 struct rx_packet_hdr *rx_hdr; 40 41 rx_skb = __skb_dequeue(&list); 42 rx_hdr = (struct rx_packet_hdr *)rx_skb->data; 43 if (ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) && 44 ntohs(rx_hdr->eth803_hdr.h_proto) == ETH_P_TDLS) { 45 mwifiex_process_tdls_action_frame(priv, 46 (u8 *)rx_hdr, 47 skb->len); 48 } 49 50 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) 51 ret = mwifiex_uap_recv_packet(priv, rx_skb); 52 else 53 ret = mwifiex_recv_packet(priv, rx_skb); 54 if (ret == -1) 55 mwifiex_dbg(priv->adapter, ERROR, 56 "Rx of A-MSDU failed"); 57 } 58 return 0; 59 } 60 61 return -1; 62 } 63 64 /* This function will process the rx packet and forward it to kernel/upper 65 * layer. 66 */ 67 static int mwifiex_11n_dispatch_pkt(struct mwifiex_private *priv, 68 struct sk_buff *payload) 69 { 70 71 int ret; 72 73 if (!payload) { 74 mwifiex_dbg(priv->adapter, INFO, "info: fw drop data\n"); 75 return 0; 76 } 77 78 ret = mwifiex_11n_dispatch_amsdu_pkt(priv, payload); 79 if (!ret) 80 return 0; 81 82 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) 83 return mwifiex_handle_uap_rx_forward(priv, payload); 84 85 return mwifiex_process_rx_packet(priv, payload); 86 } 87 88 /* 89 * This function dispatches all packets in the Rx reorder table until the 90 * start window. 91 * 92 * There could be holes in the buffer, which are skipped by the function. 93 * Since the buffer is linear, the function uses rotation to simulate 94 * circular buffer. 95 */ 96 static void 97 mwifiex_11n_dispatch_pkt_until_start_win(struct mwifiex_private *priv, 98 struct mwifiex_rx_reorder_tbl *tbl, 99 int start_win) 100 { 101 struct sk_buff_head list; 102 struct sk_buff *skb; 103 int pkt_to_send, i; 104 105 __skb_queue_head_init(&list); 106 spin_lock_bh(&priv->rx_reorder_tbl_lock); 107 108 pkt_to_send = (start_win > tbl->start_win) ? 109 min((start_win - tbl->start_win), tbl->win_size) : 110 tbl->win_size; 111 112 for (i = 0; i < pkt_to_send; ++i) { 113 if (tbl->rx_reorder_ptr[i]) { 114 skb = tbl->rx_reorder_ptr[i]; 115 __skb_queue_tail(&list, skb); 116 tbl->rx_reorder_ptr[i] = NULL; 117 } 118 } 119 120 /* 121 * We don't have a circular buffer, hence use rotation to simulate 122 * circular buffer 123 */ 124 for (i = 0; i < tbl->win_size - pkt_to_send; ++i) { 125 tbl->rx_reorder_ptr[i] = tbl->rx_reorder_ptr[pkt_to_send + i]; 126 tbl->rx_reorder_ptr[pkt_to_send + i] = NULL; 127 } 128 129 tbl->start_win = start_win; 130 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 131 132 while ((skb = __skb_dequeue(&list))) 133 mwifiex_11n_dispatch_pkt(priv, skb); 134 } 135 136 /* 137 * This function dispatches all packets in the Rx reorder table until 138 * a hole is found. 139 * 140 * The start window is adjusted automatically when a hole is located. 141 * Since the buffer is linear, the function uses rotation to simulate 142 * circular buffer. 143 */ 144 static void 145 mwifiex_11n_scan_and_dispatch(struct mwifiex_private *priv, 146 struct mwifiex_rx_reorder_tbl *tbl) 147 { 148 struct sk_buff_head list; 149 struct sk_buff *skb; 150 int i, j, xchg; 151 152 __skb_queue_head_init(&list); 153 spin_lock_bh(&priv->rx_reorder_tbl_lock); 154 155 for (i = 0; i < tbl->win_size; ++i) { 156 if (!tbl->rx_reorder_ptr[i]) 157 break; 158 skb = tbl->rx_reorder_ptr[i]; 159 __skb_queue_tail(&list, skb); 160 tbl->rx_reorder_ptr[i] = NULL; 161 } 162 163 /* 164 * We don't have a circular buffer, hence use rotation to simulate 165 * circular buffer 166 */ 167 if (i > 0) { 168 xchg = tbl->win_size - i; 169 for (j = 0; j < xchg; ++j) { 170 tbl->rx_reorder_ptr[j] = tbl->rx_reorder_ptr[i + j]; 171 tbl->rx_reorder_ptr[i + j] = NULL; 172 } 173 } 174 tbl->start_win = (tbl->start_win + i) & (MAX_TID_VALUE - 1); 175 176 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 177 178 while ((skb = __skb_dequeue(&list))) 179 mwifiex_11n_dispatch_pkt(priv, skb); 180 } 181 182 /* 183 * This function deletes the Rx reorder table and frees the memory. 184 * 185 * The function stops the associated timer and dispatches all the 186 * pending packets in the Rx reorder table before deletion. 187 */ 188 static void 189 mwifiex_del_rx_reorder_entry(struct mwifiex_private *priv, 190 struct mwifiex_rx_reorder_tbl *tbl) 191 { 192 int start_win; 193 194 if (!tbl) 195 return; 196 197 spin_lock_bh(&priv->adapter->rx_proc_lock); 198 priv->adapter->rx_locked = true; 199 if (priv->adapter->rx_processing) { 200 spin_unlock_bh(&priv->adapter->rx_proc_lock); 201 flush_workqueue(priv->adapter->rx_workqueue); 202 } else { 203 spin_unlock_bh(&priv->adapter->rx_proc_lock); 204 } 205 206 start_win = (tbl->start_win + tbl->win_size) & (MAX_TID_VALUE - 1); 207 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win); 208 209 del_timer_sync(&tbl->timer_context.timer); 210 tbl->timer_context.timer_is_set = false; 211 212 spin_lock_bh(&priv->rx_reorder_tbl_lock); 213 list_del(&tbl->list); 214 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 215 216 kfree(tbl->rx_reorder_ptr); 217 kfree(tbl); 218 219 spin_lock_bh(&priv->adapter->rx_proc_lock); 220 priv->adapter->rx_locked = false; 221 spin_unlock_bh(&priv->adapter->rx_proc_lock); 222 223 } 224 225 /* 226 * This function returns the pointer to an entry in Rx reordering 227 * table which matches the given TA/TID pair. 228 */ 229 struct mwifiex_rx_reorder_tbl * 230 mwifiex_11n_get_rx_reorder_tbl(struct mwifiex_private *priv, int tid, u8 *ta) 231 { 232 struct mwifiex_rx_reorder_tbl *tbl; 233 234 spin_lock_bh(&priv->rx_reorder_tbl_lock); 235 list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list) { 236 if (!memcmp(tbl->ta, ta, ETH_ALEN) && tbl->tid == tid) { 237 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 238 return tbl; 239 } 240 } 241 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 242 243 return NULL; 244 } 245 246 /* This function retrieves the pointer to an entry in Rx reordering 247 * table which matches the given TA and deletes it. 248 */ 249 void mwifiex_11n_del_rx_reorder_tbl_by_ta(struct mwifiex_private *priv, u8 *ta) 250 { 251 struct mwifiex_rx_reorder_tbl *tbl, *tmp; 252 253 if (!ta) 254 return; 255 256 spin_lock_bh(&priv->rx_reorder_tbl_lock); 257 list_for_each_entry_safe(tbl, tmp, &priv->rx_reorder_tbl_ptr, list) { 258 if (!memcmp(tbl->ta, ta, ETH_ALEN)) { 259 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 260 mwifiex_del_rx_reorder_entry(priv, tbl); 261 spin_lock_bh(&priv->rx_reorder_tbl_lock); 262 } 263 } 264 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 265 266 return; 267 } 268 269 /* 270 * This function finds the last sequence number used in the packets 271 * buffered in Rx reordering table. 272 */ 273 static int 274 mwifiex_11n_find_last_seq_num(struct reorder_tmr_cnxt *ctx) 275 { 276 struct mwifiex_rx_reorder_tbl *rx_reorder_tbl_ptr = ctx->ptr; 277 struct mwifiex_private *priv = ctx->priv; 278 int i; 279 280 spin_lock_bh(&priv->rx_reorder_tbl_lock); 281 for (i = rx_reorder_tbl_ptr->win_size - 1; i >= 0; --i) { 282 if (rx_reorder_tbl_ptr->rx_reorder_ptr[i]) { 283 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 284 return i; 285 } 286 } 287 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 288 289 return -1; 290 } 291 292 /* 293 * This function flushes all the packets in Rx reordering table. 294 * 295 * The function checks if any packets are currently buffered in the 296 * table or not. In case there are packets available, it dispatches 297 * them and then dumps the Rx reordering table. 298 */ 299 static void 300 mwifiex_flush_data(struct timer_list *t) 301 { 302 struct reorder_tmr_cnxt *ctx = 303 from_timer(ctx, t, timer); 304 int start_win, seq_num; 305 306 ctx->timer_is_set = false; 307 seq_num = mwifiex_11n_find_last_seq_num(ctx); 308 309 if (seq_num < 0) 310 return; 311 312 mwifiex_dbg(ctx->priv->adapter, INFO, "info: flush data %d\n", seq_num); 313 start_win = (ctx->ptr->start_win + seq_num + 1) & (MAX_TID_VALUE - 1); 314 mwifiex_11n_dispatch_pkt_until_start_win(ctx->priv, ctx->ptr, 315 start_win); 316 } 317 318 /* 319 * This function creates an entry in Rx reordering table for the 320 * given TA/TID. 321 * 322 * The function also initializes the entry with sequence number, window 323 * size as well as initializes the timer. 324 * 325 * If the received TA/TID pair is already present, all the packets are 326 * dispatched and the window size is moved until the SSN. 327 */ 328 static void 329 mwifiex_11n_create_rx_reorder_tbl(struct mwifiex_private *priv, u8 *ta, 330 int tid, int win_size, int seq_num) 331 { 332 int i; 333 struct mwifiex_rx_reorder_tbl *tbl, *new_node; 334 u16 last_seq = 0; 335 struct mwifiex_sta_node *node; 336 337 /* 338 * If we get a TID, ta pair which is already present dispatch all 339 * the packets and move the window size until the ssn 340 */ 341 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta); 342 if (tbl) { 343 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, seq_num); 344 return; 345 } 346 /* if !tbl then create one */ 347 new_node = kzalloc(sizeof(struct mwifiex_rx_reorder_tbl), GFP_KERNEL); 348 if (!new_node) 349 return; 350 351 INIT_LIST_HEAD(&new_node->list); 352 new_node->tid = tid; 353 memcpy(new_node->ta, ta, ETH_ALEN); 354 new_node->start_win = seq_num; 355 new_node->init_win = seq_num; 356 new_node->flags = 0; 357 358 spin_lock_bh(&priv->sta_list_spinlock); 359 if (mwifiex_queuing_ra_based(priv)) { 360 if (priv->bss_role == MWIFIEX_BSS_ROLE_UAP) { 361 node = mwifiex_get_sta_entry(priv, ta); 362 if (node) 363 last_seq = node->rx_seq[tid]; 364 } 365 } else { 366 node = mwifiex_get_sta_entry(priv, ta); 367 if (node) 368 last_seq = node->rx_seq[tid]; 369 else 370 last_seq = priv->rx_seq[tid]; 371 } 372 spin_unlock_bh(&priv->sta_list_spinlock); 373 374 mwifiex_dbg(priv->adapter, INFO, 375 "info: last_seq=%d start_win=%d\n", 376 last_seq, new_node->start_win); 377 378 if (last_seq != MWIFIEX_DEF_11N_RX_SEQ_NUM && 379 last_seq >= new_node->start_win) { 380 new_node->start_win = last_seq + 1; 381 new_node->flags |= RXREOR_INIT_WINDOW_SHIFT; 382 } 383 384 new_node->win_size = win_size; 385 386 new_node->rx_reorder_ptr = kcalloc(win_size, sizeof(void *), 387 GFP_KERNEL); 388 if (!new_node->rx_reorder_ptr) { 389 kfree(new_node); 390 mwifiex_dbg(priv->adapter, ERROR, 391 "%s: failed to alloc reorder_ptr\n", __func__); 392 return; 393 } 394 395 new_node->timer_context.ptr = new_node; 396 new_node->timer_context.priv = priv; 397 new_node->timer_context.timer_is_set = false; 398 399 timer_setup(&new_node->timer_context.timer, mwifiex_flush_data, 0); 400 401 for (i = 0; i < win_size; ++i) 402 new_node->rx_reorder_ptr[i] = NULL; 403 404 spin_lock_bh(&priv->rx_reorder_tbl_lock); 405 list_add_tail(&new_node->list, &priv->rx_reorder_tbl_ptr); 406 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 407 } 408 409 static void 410 mwifiex_11n_rxreorder_timer_restart(struct mwifiex_rx_reorder_tbl *tbl) 411 { 412 u32 min_flush_time; 413 414 if (tbl->win_size >= MWIFIEX_BA_WIN_SIZE_32) 415 min_flush_time = MIN_FLUSH_TIMER_15_MS; 416 else 417 min_flush_time = MIN_FLUSH_TIMER_MS; 418 419 mod_timer(&tbl->timer_context.timer, 420 jiffies + msecs_to_jiffies(min_flush_time * tbl->win_size)); 421 422 tbl->timer_context.timer_is_set = true; 423 } 424 425 /* 426 * This function prepares command for adding a BA request. 427 * 428 * Preparation includes - 429 * - Setting command ID and proper size 430 * - Setting add BA request buffer 431 * - Ensuring correct endian-ness 432 */ 433 int mwifiex_cmd_11n_addba_req(struct host_cmd_ds_command *cmd, void *data_buf) 434 { 435 struct host_cmd_ds_11n_addba_req *add_ba_req = &cmd->params.add_ba_req; 436 437 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_REQ); 438 cmd->size = cpu_to_le16(sizeof(*add_ba_req) + S_DS_GEN); 439 memcpy(add_ba_req, data_buf, sizeof(*add_ba_req)); 440 441 return 0; 442 } 443 444 /* 445 * This function prepares command for adding a BA response. 446 * 447 * Preparation includes - 448 * - Setting command ID and proper size 449 * - Setting add BA response buffer 450 * - Ensuring correct endian-ness 451 */ 452 int mwifiex_cmd_11n_addba_rsp_gen(struct mwifiex_private *priv, 453 struct host_cmd_ds_command *cmd, 454 struct host_cmd_ds_11n_addba_req 455 *cmd_addba_req) 456 { 457 struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &cmd->params.add_ba_rsp; 458 struct mwifiex_sta_node *sta_ptr; 459 u32 rx_win_size = priv->add_ba_param.rx_win_size; 460 u8 tid; 461 int win_size; 462 uint16_t block_ack_param_set; 463 464 if ((GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) && 465 ISSUPP_TDLS_ENABLED(priv->adapter->fw_cap_info) && 466 priv->adapter->is_hw_11ac_capable && 467 memcmp(priv->cfg_bssid, cmd_addba_req->peer_mac_addr, ETH_ALEN)) { 468 spin_lock_bh(&priv->sta_list_spinlock); 469 sta_ptr = mwifiex_get_sta_entry(priv, 470 cmd_addba_req->peer_mac_addr); 471 if (!sta_ptr) { 472 spin_unlock_bh(&priv->sta_list_spinlock); 473 mwifiex_dbg(priv->adapter, ERROR, 474 "BA setup with unknown TDLS peer %pM!\n", 475 cmd_addba_req->peer_mac_addr); 476 return -1; 477 } 478 if (sta_ptr->is_11ac_enabled) 479 rx_win_size = MWIFIEX_11AC_STA_AMPDU_DEF_RXWINSIZE; 480 spin_unlock_bh(&priv->sta_list_spinlock); 481 } 482 483 cmd->command = cpu_to_le16(HostCmd_CMD_11N_ADDBA_RSP); 484 cmd->size = cpu_to_le16(sizeof(*add_ba_rsp) + S_DS_GEN); 485 486 memcpy(add_ba_rsp->peer_mac_addr, cmd_addba_req->peer_mac_addr, 487 ETH_ALEN); 488 add_ba_rsp->dialog_token = cmd_addba_req->dialog_token; 489 add_ba_rsp->block_ack_tmo = cmd_addba_req->block_ack_tmo; 490 add_ba_rsp->ssn = cmd_addba_req->ssn; 491 492 block_ack_param_set = le16_to_cpu(cmd_addba_req->block_ack_param_set); 493 tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK) 494 >> BLOCKACKPARAM_TID_POS; 495 add_ba_rsp->status_code = cpu_to_le16(ADDBA_RSP_STATUS_ACCEPT); 496 block_ack_param_set &= ~IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK; 497 498 /* If we don't support AMSDU inside AMPDU, reset the bit */ 499 if (!priv->add_ba_param.rx_amsdu || 500 (priv->aggr_prio_tbl[tid].amsdu == BA_STREAM_NOT_ALLOWED)) 501 block_ack_param_set &= ~BLOCKACKPARAM_AMSDU_SUPP_MASK; 502 block_ack_param_set |= rx_win_size << BLOCKACKPARAM_WINSIZE_POS; 503 add_ba_rsp->block_ack_param_set = cpu_to_le16(block_ack_param_set); 504 win_size = (le16_to_cpu(add_ba_rsp->block_ack_param_set) 505 & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) 506 >> BLOCKACKPARAM_WINSIZE_POS; 507 cmd_addba_req->block_ack_param_set = cpu_to_le16(block_ack_param_set); 508 509 mwifiex_11n_create_rx_reorder_tbl(priv, cmd_addba_req->peer_mac_addr, 510 tid, win_size, 511 le16_to_cpu(cmd_addba_req->ssn)); 512 return 0; 513 } 514 515 /* 516 * This function prepares command for deleting a BA request. 517 * 518 * Preparation includes - 519 * - Setting command ID and proper size 520 * - Setting del BA request buffer 521 * - Ensuring correct endian-ness 522 */ 523 int mwifiex_cmd_11n_delba(struct host_cmd_ds_command *cmd, void *data_buf) 524 { 525 struct host_cmd_ds_11n_delba *del_ba = &cmd->params.del_ba; 526 527 cmd->command = cpu_to_le16(HostCmd_CMD_11N_DELBA); 528 cmd->size = cpu_to_le16(sizeof(*del_ba) + S_DS_GEN); 529 memcpy(del_ba, data_buf, sizeof(*del_ba)); 530 531 return 0; 532 } 533 534 /* 535 * This function identifies if Rx reordering is needed for a received packet. 536 * 537 * In case reordering is required, the function will do the reordering 538 * before sending it to kernel. 539 * 540 * The Rx reorder table is checked first with the received TID/TA pair. If 541 * not found, the received packet is dispatched immediately. But if found, 542 * the packet is reordered and all the packets in the updated Rx reordering 543 * table is dispatched until a hole is found. 544 * 545 * For sequence number less than the starting window, the packet is dropped. 546 */ 547 int mwifiex_11n_rx_reorder_pkt(struct mwifiex_private *priv, 548 u16 seq_num, u16 tid, 549 u8 *ta, u8 pkt_type, void *payload) 550 { 551 struct mwifiex_rx_reorder_tbl *tbl; 552 int prev_start_win, start_win, end_win, win_size; 553 u16 pkt_index; 554 bool init_window_shift = false; 555 int ret = 0; 556 557 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, ta); 558 if (!tbl) { 559 if (pkt_type != PKT_TYPE_BAR) 560 mwifiex_11n_dispatch_pkt(priv, payload); 561 return ret; 562 } 563 564 if ((pkt_type == PKT_TYPE_AMSDU) && !tbl->amsdu) { 565 mwifiex_11n_dispatch_pkt(priv, payload); 566 return ret; 567 } 568 569 start_win = tbl->start_win; 570 prev_start_win = start_win; 571 win_size = tbl->win_size; 572 end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1); 573 if (tbl->flags & RXREOR_INIT_WINDOW_SHIFT) { 574 init_window_shift = true; 575 tbl->flags &= ~RXREOR_INIT_WINDOW_SHIFT; 576 } 577 578 if (tbl->flags & RXREOR_FORCE_NO_DROP) { 579 mwifiex_dbg(priv->adapter, INFO, 580 "RXREOR_FORCE_NO_DROP when HS is activated\n"); 581 tbl->flags &= ~RXREOR_FORCE_NO_DROP; 582 } else if (init_window_shift && seq_num < start_win && 583 seq_num >= tbl->init_win) { 584 mwifiex_dbg(priv->adapter, INFO, 585 "Sender TID sequence number reset %d->%d for SSN %d\n", 586 start_win, seq_num, tbl->init_win); 587 tbl->start_win = start_win = seq_num; 588 end_win = ((start_win + win_size) - 1) & (MAX_TID_VALUE - 1); 589 } else { 590 /* 591 * If seq_num is less then starting win then ignore and drop 592 * the packet 593 */ 594 if ((start_win + TWOPOW11) > (MAX_TID_VALUE - 1)) { 595 if (seq_num >= ((start_win + TWOPOW11) & 596 (MAX_TID_VALUE - 1)) && 597 seq_num < start_win) { 598 ret = -1; 599 goto done; 600 } 601 } else if ((seq_num < start_win) || 602 (seq_num >= (start_win + TWOPOW11))) { 603 ret = -1; 604 goto done; 605 } 606 } 607 608 /* 609 * If this packet is a BAR we adjust seq_num as 610 * WinStart = seq_num 611 */ 612 if (pkt_type == PKT_TYPE_BAR) 613 seq_num = ((seq_num + win_size) - 1) & (MAX_TID_VALUE - 1); 614 615 if (((end_win < start_win) && 616 (seq_num < start_win) && (seq_num > end_win)) || 617 ((end_win > start_win) && ((seq_num > end_win) || 618 (seq_num < start_win)))) { 619 end_win = seq_num; 620 if (((end_win - win_size) + 1) >= 0) 621 start_win = (end_win - win_size) + 1; 622 else 623 start_win = (MAX_TID_VALUE - (win_size - end_win)) + 1; 624 mwifiex_11n_dispatch_pkt_until_start_win(priv, tbl, start_win); 625 } 626 627 if (pkt_type != PKT_TYPE_BAR) { 628 if (seq_num >= start_win) 629 pkt_index = seq_num - start_win; 630 else 631 pkt_index = (seq_num+MAX_TID_VALUE) - start_win; 632 633 if (tbl->rx_reorder_ptr[pkt_index]) { 634 ret = -1; 635 goto done; 636 } 637 638 tbl->rx_reorder_ptr[pkt_index] = payload; 639 } 640 641 /* 642 * Dispatch all packets sequentially from start_win until a 643 * hole is found and adjust the start_win appropriately 644 */ 645 mwifiex_11n_scan_and_dispatch(priv, tbl); 646 647 done: 648 if (!tbl->timer_context.timer_is_set || 649 prev_start_win != tbl->start_win) 650 mwifiex_11n_rxreorder_timer_restart(tbl); 651 return ret; 652 } 653 654 /* 655 * This function deletes an entry for a given TID/TA pair. 656 * 657 * The TID/TA are taken from del BA event body. 658 */ 659 void 660 mwifiex_del_ba_tbl(struct mwifiex_private *priv, int tid, u8 *peer_mac, 661 u8 type, int initiator) 662 { 663 struct mwifiex_rx_reorder_tbl *tbl; 664 struct mwifiex_tx_ba_stream_tbl *ptx_tbl; 665 struct mwifiex_ra_list_tbl *ra_list; 666 u8 cleanup_rx_reorder_tbl; 667 int tid_down; 668 669 if (type == TYPE_DELBA_RECEIVE) 670 cleanup_rx_reorder_tbl = (initiator) ? true : false; 671 else 672 cleanup_rx_reorder_tbl = (initiator) ? false : true; 673 674 mwifiex_dbg(priv->adapter, EVENT, "event: DELBA: %pM tid=%d initiator=%d\n", 675 peer_mac, tid, initiator); 676 677 if (cleanup_rx_reorder_tbl) { 678 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 679 peer_mac); 680 if (!tbl) { 681 mwifiex_dbg(priv->adapter, EVENT, 682 "event: TID, TA not found in table\n"); 683 return; 684 } 685 mwifiex_del_rx_reorder_entry(priv, tbl); 686 } else { 687 ptx_tbl = mwifiex_get_ba_tbl(priv, tid, peer_mac); 688 if (!ptx_tbl) { 689 mwifiex_dbg(priv->adapter, EVENT, 690 "event: TID, RA not found in table\n"); 691 return; 692 } 693 694 tid_down = mwifiex_wmm_downgrade_tid(priv, tid); 695 ra_list = mwifiex_wmm_get_ralist_node(priv, tid_down, peer_mac); 696 if (ra_list) { 697 ra_list->amsdu_in_ampdu = false; 698 ra_list->ba_status = BA_SETUP_NONE; 699 } 700 spin_lock_bh(&priv->tx_ba_stream_tbl_lock); 701 mwifiex_11n_delete_tx_ba_stream_tbl_entry(priv, ptx_tbl); 702 spin_unlock_bh(&priv->tx_ba_stream_tbl_lock); 703 } 704 } 705 706 /* 707 * This function handles the command response of an add BA response. 708 * 709 * Handling includes changing the header fields into CPU format and 710 * creating the stream, provided the add BA is accepted. 711 */ 712 int mwifiex_ret_11n_addba_resp(struct mwifiex_private *priv, 713 struct host_cmd_ds_command *resp) 714 { 715 struct host_cmd_ds_11n_addba_rsp *add_ba_rsp = &resp->params.add_ba_rsp; 716 int tid, win_size; 717 struct mwifiex_rx_reorder_tbl *tbl; 718 uint16_t block_ack_param_set; 719 720 block_ack_param_set = le16_to_cpu(add_ba_rsp->block_ack_param_set); 721 722 tid = (block_ack_param_set & IEEE80211_ADDBA_PARAM_TID_MASK) 723 >> BLOCKACKPARAM_TID_POS; 724 /* 725 * Check if we had rejected the ADDBA, if yes then do not create 726 * the stream 727 */ 728 if (le16_to_cpu(add_ba_rsp->status_code) != BA_RESULT_SUCCESS) { 729 mwifiex_dbg(priv->adapter, ERROR, "ADDBA RSP: failed %pM tid=%d)\n", 730 add_ba_rsp->peer_mac_addr, tid); 731 732 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 733 add_ba_rsp->peer_mac_addr); 734 if (tbl) 735 mwifiex_del_rx_reorder_entry(priv, tbl); 736 737 return 0; 738 } 739 740 win_size = (block_ack_param_set & IEEE80211_ADDBA_PARAM_BUF_SIZE_MASK) 741 >> BLOCKACKPARAM_WINSIZE_POS; 742 743 tbl = mwifiex_11n_get_rx_reorder_tbl(priv, tid, 744 add_ba_rsp->peer_mac_addr); 745 if (tbl) { 746 if ((block_ack_param_set & BLOCKACKPARAM_AMSDU_SUPP_MASK) && 747 priv->add_ba_param.rx_amsdu && 748 (priv->aggr_prio_tbl[tid].amsdu != BA_STREAM_NOT_ALLOWED)) 749 tbl->amsdu = true; 750 else 751 tbl->amsdu = false; 752 } 753 754 mwifiex_dbg(priv->adapter, CMD, 755 "cmd: ADDBA RSP: %pM tid=%d ssn=%d win_size=%d\n", 756 add_ba_rsp->peer_mac_addr, tid, add_ba_rsp->ssn, win_size); 757 758 return 0; 759 } 760 761 /* 762 * This function handles BA stream timeout event by preparing and sending 763 * a command to the firmware. 764 */ 765 void mwifiex_11n_ba_stream_timeout(struct mwifiex_private *priv, 766 struct host_cmd_ds_11n_batimeout *event) 767 { 768 struct host_cmd_ds_11n_delba delba; 769 770 memset(&delba, 0, sizeof(struct host_cmd_ds_11n_delba)); 771 memcpy(delba.peer_mac_addr, event->peer_mac_addr, ETH_ALEN); 772 773 delba.del_ba_param_set |= 774 cpu_to_le16((u16) event->tid << DELBA_TID_POS); 775 delba.del_ba_param_set |= cpu_to_le16( 776 (u16) event->origninator << DELBA_INITIATOR_POS); 777 delba.reason_code = cpu_to_le16(WLAN_REASON_QSTA_TIMEOUT); 778 mwifiex_send_cmd(priv, HostCmd_CMD_11N_DELBA, 0, 0, &delba, false); 779 } 780 781 /* 782 * This function cleans up the Rx reorder table by deleting all the entries 783 * and re-initializing. 784 */ 785 void mwifiex_11n_cleanup_reorder_tbl(struct mwifiex_private *priv) 786 { 787 struct mwifiex_rx_reorder_tbl *del_tbl_ptr, *tmp_node; 788 789 spin_lock_bh(&priv->rx_reorder_tbl_lock); 790 list_for_each_entry_safe(del_tbl_ptr, tmp_node, 791 &priv->rx_reorder_tbl_ptr, list) { 792 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 793 mwifiex_del_rx_reorder_entry(priv, del_tbl_ptr); 794 spin_lock_bh(&priv->rx_reorder_tbl_lock); 795 } 796 INIT_LIST_HEAD(&priv->rx_reorder_tbl_ptr); 797 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 798 799 mwifiex_reset_11n_rx_seq_num(priv); 800 } 801 802 /* 803 * This function updates all rx_reorder_tbl's flags. 804 */ 805 void mwifiex_update_rxreor_flags(struct mwifiex_adapter *adapter, u8 flags) 806 { 807 struct mwifiex_private *priv; 808 struct mwifiex_rx_reorder_tbl *tbl; 809 int i; 810 811 for (i = 0; i < adapter->priv_num; i++) { 812 priv = adapter->priv[i]; 813 if (!priv) 814 continue; 815 816 spin_lock_bh(&priv->rx_reorder_tbl_lock); 817 list_for_each_entry(tbl, &priv->rx_reorder_tbl_ptr, list) 818 tbl->flags = flags; 819 spin_unlock_bh(&priv->rx_reorder_tbl_lock); 820 } 821 822 return; 823 } 824 825 /* This function update all the rx_win_size based on coex flag 826 */ 827 static void mwifiex_update_ampdu_rxwinsize(struct mwifiex_adapter *adapter, 828 bool coex_flag) 829 { 830 u8 i; 831 u32 rx_win_size; 832 struct mwifiex_private *priv; 833 834 dev_dbg(adapter->dev, "Update rxwinsize %d\n", coex_flag); 835 836 for (i = 0; i < adapter->priv_num; i++) { 837 if (!adapter->priv[i]) 838 continue; 839 priv = adapter->priv[i]; 840 rx_win_size = priv->add_ba_param.rx_win_size; 841 if (coex_flag) { 842 if (priv->bss_type == MWIFIEX_BSS_TYPE_STA) 843 priv->add_ba_param.rx_win_size = 844 MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE; 845 if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P) 846 priv->add_ba_param.rx_win_size = 847 MWIFIEX_STA_COEX_AMPDU_DEF_RXWINSIZE; 848 if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP) 849 priv->add_ba_param.rx_win_size = 850 MWIFIEX_UAP_COEX_AMPDU_DEF_RXWINSIZE; 851 } else { 852 if (priv->bss_type == MWIFIEX_BSS_TYPE_STA) 853 priv->add_ba_param.rx_win_size = 854 MWIFIEX_STA_AMPDU_DEF_RXWINSIZE; 855 if (priv->bss_type == MWIFIEX_BSS_TYPE_P2P) 856 priv->add_ba_param.rx_win_size = 857 MWIFIEX_STA_AMPDU_DEF_RXWINSIZE; 858 if (priv->bss_type == MWIFIEX_BSS_TYPE_UAP) 859 priv->add_ba_param.rx_win_size = 860 MWIFIEX_UAP_AMPDU_DEF_RXWINSIZE; 861 } 862 863 if (adapter->coex_win_size && adapter->coex_rx_win_size) 864 priv->add_ba_param.rx_win_size = 865 adapter->coex_rx_win_size; 866 867 if (rx_win_size != priv->add_ba_param.rx_win_size) { 868 if (!priv->media_connected) 869 continue; 870 for (i = 0; i < MAX_NUM_TID; i++) 871 mwifiex_11n_delba(priv, i); 872 } 873 } 874 } 875 876 /* This function check coex for RX BA 877 */ 878 void mwifiex_coex_ampdu_rxwinsize(struct mwifiex_adapter *adapter) 879 { 880 u8 i; 881 struct mwifiex_private *priv; 882 u8 count = 0; 883 884 for (i = 0; i < adapter->priv_num; i++) { 885 if (adapter->priv[i]) { 886 priv = adapter->priv[i]; 887 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_STA) { 888 if (priv->media_connected) 889 count++; 890 } 891 if (GET_BSS_ROLE(priv) == MWIFIEX_BSS_ROLE_UAP) { 892 if (priv->bss_started) 893 count++; 894 } 895 } 896 if (count >= MWIFIEX_BSS_COEX_COUNT) 897 break; 898 } 899 if (count >= MWIFIEX_BSS_COEX_COUNT) 900 mwifiex_update_ampdu_rxwinsize(adapter, true); 901 else 902 mwifiex_update_ampdu_rxwinsize(adapter, false); 903 } 904 905 /* This function handles rxba_sync event 906 */ 907 void mwifiex_11n_rxba_sync_event(struct mwifiex_private *priv, 908 u8 *event_buf, u16 len) 909 { 910 struct mwifiex_ie_types_rxba_sync *tlv_rxba = (void *)event_buf; 911 u16 tlv_type, tlv_len; 912 struct mwifiex_rx_reorder_tbl *rx_reor_tbl_ptr; 913 u8 i, j; 914 u16 seq_num, tlv_seq_num, tlv_bitmap_len; 915 int tlv_buf_left = len; 916 int ret; 917 u8 *tmp; 918 919 mwifiex_dbg_dump(priv->adapter, EVT_D, "RXBA_SYNC event:", 920 event_buf, len); 921 while (tlv_buf_left > sizeof(*tlv_rxba)) { 922 tlv_type = le16_to_cpu(tlv_rxba->header.type); 923 tlv_len = le16_to_cpu(tlv_rxba->header.len); 924 if (size_add(sizeof(tlv_rxba->header), tlv_len) > tlv_buf_left) { 925 mwifiex_dbg(priv->adapter, WARN, 926 "TLV size (%zu) overflows event_buf buf_left=%d\n", 927 size_add(sizeof(tlv_rxba->header), tlv_len), 928 tlv_buf_left); 929 return; 930 } 931 932 if (tlv_type != TLV_TYPE_RXBA_SYNC) { 933 mwifiex_dbg(priv->adapter, ERROR, 934 "Wrong TLV id=0x%x\n", tlv_type); 935 return; 936 } 937 938 tlv_seq_num = le16_to_cpu(tlv_rxba->seq_num); 939 tlv_bitmap_len = le16_to_cpu(tlv_rxba->bitmap_len); 940 if (size_add(sizeof(*tlv_rxba), tlv_bitmap_len) > tlv_buf_left) { 941 mwifiex_dbg(priv->adapter, WARN, 942 "TLV size (%zu) overflows event_buf buf_left=%d\n", 943 size_add(sizeof(*tlv_rxba), tlv_bitmap_len), 944 tlv_buf_left); 945 return; 946 } 947 948 mwifiex_dbg(priv->adapter, INFO, 949 "%pM tid=%d seq_num=%d bitmap_len=%d\n", 950 tlv_rxba->mac, tlv_rxba->tid, tlv_seq_num, 951 tlv_bitmap_len); 952 953 rx_reor_tbl_ptr = 954 mwifiex_11n_get_rx_reorder_tbl(priv, tlv_rxba->tid, 955 tlv_rxba->mac); 956 if (!rx_reor_tbl_ptr) { 957 mwifiex_dbg(priv->adapter, ERROR, 958 "Can not find rx_reorder_tbl!"); 959 return; 960 } 961 962 for (i = 0; i < tlv_bitmap_len; i++) { 963 for (j = 0 ; j < 8; j++) { 964 if (tlv_rxba->bitmap[i] & (1 << j)) { 965 seq_num = (MAX_TID_VALUE - 1) & 966 (tlv_seq_num + i * 8 + j); 967 968 mwifiex_dbg(priv->adapter, ERROR, 969 "drop packet,seq=%d\n", 970 seq_num); 971 972 ret = mwifiex_11n_rx_reorder_pkt 973 (priv, seq_num, tlv_rxba->tid, 974 tlv_rxba->mac, 0, NULL); 975 976 if (ret) 977 mwifiex_dbg(priv->adapter, 978 ERROR, 979 "Fail to drop packet"); 980 } 981 } 982 } 983 984 tlv_buf_left -= (sizeof(tlv_rxba->header) + tlv_len); 985 tmp = (u8 *)tlv_rxba + sizeof(tlv_rxba->header) + tlv_len; 986 tlv_rxba = (struct mwifiex_ie_types_rxba_sync *)tmp; 987 } 988 } 989